From: "Andreas Sturmlechner"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner"
Message-ID: <1637697892.a787119b1333e52653d3c394fcb0b56cbfd4d0ff.asturm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: kde-apps/kimap/files/, kde-apps/kimap/
X-VCS-Repository: repo/gentoo
X-VCS-Files: kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch kde-apps/kimap/kimap-21.08.3-r1.ebuild
X-VCS-Directories: kde-apps/kimap/ kde-apps/kimap/files/
X-VCS-Committer: asturm
X-VCS-Committer-Name: Andreas Sturmlechner
X-VCS-Revision: a787119b1333e52653d3c394fcb0b56cbfd4d0ff
X-VCS-Branch: master
Date: Tue, 23 Nov 2021 20:13:33 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: f6251d0d-810c-4a7e-b119-531aab175d2b
X-Archives-Hash: 5c402246ea8c147b4013f492579dd228

commit:     a787119b1333e52653d3c394fcb0b56cbfd4d0ff
Author:     Andreas Sturmlechner gentoo org>
AuthorDate: Tue Nov 23 15:55:49 2021 +0000
Commit:     Andreas Sturmlechner gentoo org>
CommitDate: Tue Nov 23 20:04:52 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a787119b

kde-apps/kimap: Fix CVE-2021-38373

Upstream commit 5aed4138567934c3be20cddb60fe6d7d4a10da0f

KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423424
Bug: https://bugs.gentoo.org/807355
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner gentoo.org>

 .../kimap/files/kimap-21.08.3-CVE-2021-38373.patch | 51 ++++++++++++++++++++++
 kde-apps/kimap/kimap-21.08.3-r1.ebuild             | 42 ++++++++++++++++++
 2 files changed, 93 insertions(+)

diff --git a/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch b/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch new file mode 100644 index 000000000000..90d216b0b846 --- /dev/null 
+++ b/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch @@ -0,0 +1,51 @@ +From 5aed4138567934c3be20cddb60fe6d7d4a10da0f Mon Sep 17 00:00:00 2001 +From: Volker Krause +Date: Mon, 15 Nov 2021 18:18:28 +0100 +Subject: [PATCH] Treat SSL handshake errors as fatal also when using STARTTLS + +This fixes the infinite SSL error dialog loop also when using +STARTTLS, the previous fix was only effective for direct TLS +connections. + +CCBUG: 423424 +(cherry picked from commit cbd3a03bc1d2cec48bb97570633940bbf94c34fa) +--- + src/loginjob.cpp | 22 +++++++++------------- + 1 file changed, 9 insertions(+), 13 deletions(-) + +diff --git a/src/loginjob.cpp b/src/loginjob.cpp +index 7d53187..b5fbede 100644 +--- a/src/loginjob.cpp ++++ b/src/loginjob.cpp +@@ -552,19 +552,15 @@ void LoginJob::connectionLost() + { + Q_D(LoginJob); + +- // don't emit the result if the connection was lost before getting the tls result, as it can mean +- // the TLS handshake failed and the socket was reconnected in normal mode +- if (d->authState != LoginJobPrivate::StartTls) { +- qCWarning(KIMAP_LOG) << "Connection to server lost " << d->m_socketError; +- if (d->m_socketError == QAbstractSocket::SslHandshakeFailedError) { +- setError(KJob::UserDefinedError); +- setErrorText(i18n("SSL handshake failed.")); +- emitResult(); +- } else { +- setError(ERR_COULD_NOT_CONNECT); +- setErrorText(i18n("Connection to server lost.")); +- emitResult(); +- } ++ qCWarning(KIMAP_LOG) << "Connection to server lost " << d->m_socketError; ++ if (d->m_socketError == QAbstractSocket::SslHandshakeFailedError) { ++ setError(KJob::UserDefinedError); ++ setErrorText(i18n("SSL handshake failed.")); ++ emitResult(); ++ } else { ++ setError(ERR_COULD_NOT_CONNECT); ++ setErrorText(i18n("Connection to server lost.")); ++ emitResult(); + } + } + +-- +2.34.0 + diff --git a/kde-apps/kimap/kimap-21.08.3-r1.ebuild b/kde-apps/kimap/kimap-21.08.3-r1.ebuild new file mode 100644 index 000000000000..47f2ded2955a --- /dev/null 
+++ b/kde-apps/kimap/kimap-21.08.3-r1.ebuild @@ -0,0 +1,42 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +ECM_TEST="forceoptional" +PVCUT=$(ver_cut 1-3) +KFMIN=5.84.0 +QTMIN=5.15.2 +inherit ecm kde.org + +DESCRIPTION="Library for interacting with IMAP servers" +HOMEPAGE="https://api.kde.org/kdepim/kimap/html/index.html" + +LICENSE="GPL-2+" +SLOT="5" +KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" +IUSE="" + +RDEPEND=" + dev-libs/cyrus-sasl + >=dev-qt/qtgui-${QTMIN}:5 + >=kde-apps/kmime-${PVCUT}:5 + >=kde-frameworks/kcodecs-${KFMIN}:5 + >=kde-frameworks/kcoreaddons-${KFMIN}:5 + >=kde-frameworks/ki18n-${KFMIN}:5 + >=kde-frameworks/kio-${KFMIN}:5 +" +# TODO: Convince upstream not to install stuff with tests +DEPEND="${RDEPEND} + test? ( >=dev-qt/qtnetwork-${QTMIN}:5 ) +" + +PATCHES=( "${FILESDIR}/${P}-CVE-2021-38373.patch" ) + +src_test() { + # tests cannot be run in parallel #605586 + local myctestargs=( + -j1 + ) + ecm_src_test +}
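Review bot: In the LoginJob::connectionLost() hunk of src/loginjob.cpp, the deleted comment was the only record that a failed TLS handshake in the StartTls state could be followed by the socket being reconnected in normal mode, and the hunk removes the guard without showing that reconnect path. Please confirm that nothing reconnects unencrypted after the job has reported "SSL handshake failed.", and replace the comment with one stating that a connection lost during StartTls is now fatal. Both branches also end in emitResult(), so the call could be hoisted below the if/else.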
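Review bot: For kimap-21.08.3-r1.ebuild, the diffstat lists only additions (2 files changed, 93 insertions), so the un-bumped kimap-21.08.3 ebuild, if it is still in the tree, remains installable without the CVE-2021-38373 patch; for a security revbump it should be dropped in the same commit or a direct follow-up. As a style point, the empty IUSE="" assignment in the new ebuild can be removed.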